spatie / security-advisories-health-check
A Laravel Health check that reports security advisories for PHP packages
Installs: 1 162 703
Dependents: 5
Suggesters: 0
Security: 0
Stars: 43
Watchers: 2
Forks: 7
pkg:composer/spatie/security-advisories-health-check
Requires
- php: ^8.3
- spatie/packagist-api: ^2.1
Requires (Dev)
- nunomaduro/collision: ^8.0
- pestphp/pest: ^4.0
- phpstan/extension-installer: ^1.1
- phpstan/phpstan-deprecation-rules: ^1.0
- phpstan/phpstan-phpunit: ^1.0
- spatie/laravel-health: ^1.22.0
README
This package contains a Laravel Health check that can report any known security issues with the installed PHP packages in your application.
The security advisories are fetched from Packagist and are sourced from GitHub and other sources.
Usage
Register this check with Laravel Health, typically in a service provider:

    use Spatie\Health\Facades\Health;
    use Spatie\SecurityAdvisoriesHealthCheck\SecurityAdvisoriesCheck;

    Health::checks([
        SecurityAdvisoriesCheck::new()->retryTimes(5),
    ]);
Caching
By default, this package will make an HTTP request to Packagist every time the health check runs. To reduce API calls and improve performance, you can enable caching by calling cacheResultsForMinutes():

    use Spatie\Health\Facades\Health;
    use Spatie\SecurityAdvisoriesHealthCheck\SecurityAdvisoriesCheck;

    Health::checks([
        SecurityAdvisoriesCheck::new()
            ->retryTimes(5)
            ->cacheResultsForMinutes(60), // Enables caching for 1 hour
    ]);
The package uses Laravel's default cache driver.
Configuration Options
    SecurityAdvisoriesCheck::new()
        ->retryTimes(3)                    // Number of retry attempts on failure
        ->cacheResultsForMinutes(120)      // Cache duration in minutes
        ->ignorePackage('vendor/package')  // Ignore specific packages
        ->ignoredPackages([                // Ignore multiple packages
            'vendor/package1',
            'vendor/package2',
        ]);
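To make concrete what an advisory check reports and what an ignore list suppresses, the following added example (not code from this package or from Spatie) matches installed versions against Packagist-style advisory entries. It assumes each advisory has `title` and `affectedVersions` fields and that constraints consist only of comparison bounds joined by `,` (and) and `|` (or); the function names, package names and advisories are constructed for illustration.

```php
<?php
// Added illustration, not the package's code. All package names and advisories are constructed.

/** Does $version fall inside a constraint such as ">=2.0.0,<2.3.2|>=1.0.0,<1.9.5"? */
function versionIsAffected(string $version, string $affectedVersions): bool
{
    foreach (preg_split('/\|\|?/', $affectedVersions) as $branch) {   // "|" = OR
        $inBranch = true;
        foreach (explode(',', $branch) as $bound) {                   // "," = AND
            if (! preg_match('/^\s*(>=|<=|>|<|=)\s*v?(\d+(?:\.\d+)*)\s*$/', $bound, $m)) {
                // Fail loudly: silently skipping an unknown constraint could hide an advisory.
                throw new InvalidArgumentException("Unsupported constraint: {$bound}");
            }
            $inBranch = $inBranch && version_compare($version, $m[2], $m[1]);
        }
        if ($inBranch) {
            return true;
        }
    }
    return false;
}

/** Returns [package => [advisory titles]] for installed, non-ignored, affected packages. */
function findAdvisories(array $installed, array $advisories, array $ignoredPackages = []): array
{
    $findings = [];
    foreach ($advisories as $package => $items) {
        if (in_array($package, $ignoredPackages, true) || ! isset($installed[$package])) {
            continue;
        }
        foreach ($items as $advisory) {
            if (versionIsAffected($installed[$package], $advisory['affectedVersions'])) {
                $findings[$package][] = $advisory['title'];
            }
        }
    }
    return $findings;
}

// Constructed sample data: installed versions and advisories keyed by package name.
$installed = ['acme/http-client' => '2.3.1', 'acme/markdown' => '1.0.4', 'acme/legacy' => '0.9.0'];
$advisories = [
    'acme/http-client' => [['title' => 'Header injection (constructed)', 'affectedVersions' => '>=2.0.0,<2.3.2|>=1.0.0,<1.9.5']],
    'acme/markdown'    => [['title' => 'XSS in link rendering (constructed)', 'affectedVersions' => '<1.0.3']],
    'acme/legacy'      => [['title' => 'Unsafe deserialization (constructed)', 'affectedVersions' => '<1.0.0']],
];
print_r(findAdvisories($installed, $advisories, ['acme/legacy']));
```

In this sample `acme/legacy` is affected but never reported because it is on the ignore list, so each ignored package deserves a recorded reason and a periodic review.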
Documentation
The documentation of this package is available inside the docs of Laravel Health.
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security Vulnerabilities
Please review our security policy on how to report security vulnerabilities.
License
The MIT License (MIT). Please see License File for more information.